Better Spambot Protection in phpBB3?

Discussion of general topics related to the new version and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Forum rules
Discussion of general topics related to the new release and its place in the world. Don't discuss new features, report bugs, ask for support, et cetera. Don't use this to spam for other boards or attack those boards!
Post Reply
User avatar
th23
Registered User
Posts: 112
Joined: Sat Jul 03, 2004 4:26 pm
Location: Bonn, Germany
Contact:

Re: Better Spambot Protection in phpBB3?

Post by th23 »

Just a quick question to those who already have some more experience with the spam-prevention measures than I have actually: Does it make sense to have the register-template redesigned - maybe even randomly choosing between multiple ones that are redesigned?

E.g. that might have the fields assorted differently and/or the captcha on an other place on the page and stuff like that...

Thanks
th23
User avatar
Wernight
Registered User
Posts: 26
Joined: Sun Apr 02, 2006 2:15 pm
Location: France
Contact:

Re: Better Spambot Protection in phpBB3?

Post by Wernight »

Highway of Life wrote:And I'm sure you will see many spam prevention MODs become available for phpBB3, and I would recommend picking one up when you can.
How can you be so sure?
th23 wrote: Does it make sense to have the register-template redesigned - maybe even randomly choosing between multiple ones that are redesigned?

E.g. that might have the fields assorted differently and/or the captcha on an other place on the page and stuff like that...

Not that much improvement as the name of the form field keeps the same: <input name="xxxx" ...>.

What would be better, like Highway of Life said, would be to add a field: "Math test: (5 - 1) divided by 2 = ". This is just one example. If everyone change the CAPTCHA method in a unique way it would be a hell for bots for many years.
User avatar
Highway of Life
Registered User
Posts: 1399
Joined: Tue Feb 08, 2005 10:18 pm
Location: I'd love to change the World, but they won't give me the Source Code
Contact:

Re: Better Spambot Protection in phpBB3?

Post by Highway of Life »

th23 wrote: Does it make sense to have the register-template redesigned - maybe even randomly choosing between multiple ones that are redesigned?
It makes little difference to the bots where you put your fields, and could care less if you even use a style at all.
Wernight wrote: How can you be so sure?
There are an uncountable number of these types of MODs for phpBB2.0.x, and registration on phpBB3 is just as simple for Spambots, therefore, it's easy to assume this will be the case, I myself am making one, another MOD author is making one... and we are not even in Gold yet.

There are many, many different, but effective ways to defeat spambot registrations, each one has it's pro's and con's... Visual Confirmation is a must, but many times, and especially if you have a decent sized-board, something more is needed... the more randomization you can make to the registration process, the better success you will have... but I cannot stress enough, don't go overboard so far that Grandma can't sign up.
Image
User avatar
th23
Registered User
Posts: 112
Joined: Sat Jul 03, 2004 4:26 pm
Location: Bonn, Germany
Contact:

Re: Better Spambot Protection in phpBB3?

Post by th23 »

Highway of Life wrote:
th23 wrote: Does it make sense to have the register-template redesigned - maybe even randomly choosing between multiple ones that are redesigned?
It makes little difference to the bots where you put your fields, and could care less if you even use a style at all.


Ok, that makes sense... my intention was more using different field and/or captcha file names... Sounds better?
User avatar
Highway of Life
Registered User
Posts: 1399
Joined: Tue Feb 08, 2005 10:18 pm
Location: I'd love to change the World, but they won't give me the Source Code
Contact:

Re: Better Spambot Protection in phpBB3?

Post by Highway of Life »

Using a different, or random input NAME would work, but you must remember that it must match the input validation on the registration processor.
Image
User avatar
th23
Registered User
Posts: 112
Joined: Sat Jul 03, 2004 4:26 pm
Location: Bonn, Germany
Contact:

Re: Better Spambot Protection in phpBB3?

Post by th23 »

Highway of Life wrote: Using a different, or random input NAME would work, but you must remember that it must match the input validation on the registration processor.


;) that's sure but managable... maybe I start a MOD targeting this
User avatar
th23
Registered User
Posts: 112
Joined: Sat Jul 03, 2004 4:26 pm
Location: Bonn, Germany
Contact:

Re: Better Spambot Protection in phpBB3?

Post by th23 »

Okay, just to clarify for me: Spam Bots identify the fields to input the data by their name-tag not by position?
cutaia
Registered User
Posts: 45
Joined: Wed Mar 30, 2005 4:08 am
Location: Aurora, CO
Contact:

Re: Better Spambot Protection in phpBB3?

Post by cutaia »

Anyone know how well mods like Kittyauth work? And has anyone heard if they are making a Kittyauth mod for PHPBB3?
User avatar
Highway of Life
Registered User
Posts: 1399
Joined: Tue Feb 08, 2005 10:18 pm
Location: I'd love to change the World, but they won't give me the Source Code
Contact:

Re: Better Spambot Protection in phpBB3?

Post by Highway of Life »

Don't know what Kittyauth is.
Image
cutaia
Registered User
Posts: 45
Joined: Wed Mar 30, 2005 4:08 am
Location: Aurora, CO
Contact:

Re: Better Spambot Protection in phpBB3?

Post by cutaia »

Well, then allow me to enlighten you. It's a grid of random pictures that changes on each page load. The person must click (for example) all the pictures that contain tigers before submitting the page. It seems like a damned good idea as it pretty much reqires a human to descern between pictures.

Here's an example of the process at work on their website, although, admittedly it doesn't seem to have been updated very recently at all.

http://kittenauth.com/node/5

Come to think of it, I probably should have asked this question over there instead of here.

Oh well...you live, you learn.
Post Reply